Spam Spoofing My Domain as Mail Server


#1

It’s not scoring very high as spam, but I don’t post anything from Italy. The first ‘received from’ at the bottom shows: Received: from 82.107.43.236(helo=####.com) by ####.com with esmtpa (Exim 4.69) (envelope-from ) id 1MMHT6-9388lw-3H for <$$$$@####.com>; Fri, 22 Apr 2011 09:22:18 +0100
where ####.com is my domain and $$$$@####.com is my address. Except I don’t live at that IP, and it’s a mail server in Italy, I think.

(See full headers, etc. below.)

I would hope DreamHost’s own servers would recognize 82.107.43.236 as ‘not Dreamhost’, verify ####.com as a DreamHost domain and automatically toss any mail from ####.com at that IP in the bit bucket. Why doesn’t that happen?

I get the impression that DH has probably set up their mail servers correctly, but that the administrator in Italy at this IP has not. Either that, or it’s a zombie server. Any ideas? Why can’t DH recognize the incorrect server and just delete, or at least recognize this as spam?

I read a little about a similar phenomenon here:
http://800notes.com/Phone.aspx/1-916-484-3795

Email with full headers:

[code]Return-Path: 11211@ms29.hinet.net
X-Original-To: $$$$@####.com
Delivered-To: x11661074@homiemail-mx21.g.dreamhost.com
Received: from diehard.dreamhost.com (caiajhbdccah.dreamhost.com [208.97.132.207])
    by homiemail-mx21.g.dreamhost.com (Postfix) with ESMTP id 1E6AD6D80B8
    for <$$$$@####.com>; Fri, 22 Apr 2011 01:22:20 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
    by diehard.dreamhost.com (Postfix) with ESMTP id 19E9B17BC062
    for <$$$$@####.com>; Fri, 22 Apr 2011 01:22:20 -0700 (PDT)
X-DH-Virus-Scanned: Debian amavisd-new at diehard.dreamhost.com
X-Spam-Flag: NO
X-Spam-Score: 2.699
X-Spam-Level: **
X-Spam-Status: No, score=2.699 tagged_above=-999 required=999
    tests=[FH_FROMEML_NOTLD=2.699] autolearn=disabled
Received: from godfather.dreamhost.com ([208.97.132.177])
    by localhost (diehard.dreamhost.com [208.97.132.157]) (amavisd-new, port 10024)
    with ESMTP id iof8zjnvBWXB for <$$$$@####.com>;
    Fri, 22 Apr 2011 01:22:19 -0700 (PDT)
Received: from host236-43-static.107-82-b.business.telecomitalia.it (host236-43-static.107-82-b.business.telecomitalia.it [82.107.43.236])
    by godfather.dreamhost.com (Postfix) with ESMTP id 1C4C01B00EA
    for <$$$$@####.com>; Fri, 22 Apr 2011 01:22:14 -0700 (PDT)
Received: from 82.107.43.236(helo=####.com)
    by ####.com with esmtpa (Exim 4.69)
    (envelope-from )
    id 1MMHT6-9388lw-3H
    for <$$$$@####.com>; Fri, 22 Apr 2011 09:22:18 +0100
From: Tanuja@diehard.dreamhost.com
To:
Subject: Newsletter Fri, 22 Apr 2011 09:22:18 +0100
Date: Fri, 22 Apr 2011 09:22:18 +0100
MIME-Version: 1.0
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: rvrx-66
Message-ID: 5339014301.2C3ZBY63402788@lmeqj.xdgkyzlxdlgu.org

Special News for you!

Do you want an improved future, soar in money earning, and the admiration of all?

Special offer:
We can assist with Diplomas from prestigious universities based on your present
knowledge and professional experience.

Get a Degree in 6 weeks with our program!

~Our program will let ANYONE with professional experience
get a 100% verified Degree:

~Doctorate
~Bachelors
~Masters

  • Think about it…
  • Follow YOUR Dreams!
  • Live a better life by earning or upgrading your degree.

This is a good chance to make a right move and receive your due
benefits… if you are qualified but are lacking that piece of paper. Get one from
us in a short time.

Contact Us to start improving your life!

~CALL~

1-916-484-3795

You should leave us a voice message with your phone number with country code if
outside USA and name and we’ll get back to you as soon as possible.

It is your decision…
Make the right decision.

Best regards.

Do Not Reply to this Email.
We do not reply to text inquiries, and our server will reject all response traffic.
We apologize for any inconvenience this may have caused you.[/code]
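
Added example, not part of the original post: each server prepends its own `Received:` line, so everything below the first line written by the recipient's own provider was supplied by the sender and proves nothing. This sketch walks the chain from the post top-down to find that boundary; `example.com` stands in for the poster's masked domain, and the `208.97.132.0/24` range is an assumption inferred from the addresses in the headers, not a published DreamHost range.

```python
import ipaddress
import re

# Received headers from the post, newest first, unfolded to one line each.
# The masked domain (####.com) is replaced by the placeholder example.com.
RECEIVED = [
    "from diehard.dreamhost.com (caiajhbdccah.dreamhost.com [208.97.132.207]) by homiemail-mx21.g.dreamhost.com (Postfix) with ESMTP id 1E6AD6D80B8",
    "from localhost (localhost [127.0.0.1]) by diehard.dreamhost.com (Postfix) with ESMTP id 19E9B17BC062",
    "from godfather.dreamhost.com ([208.97.132.177]) by localhost (diehard.dreamhost.com [208.97.132.157]) (amavisd-new, port 10024) with ESMTP id iof8zjnvBWXB",
    "from host236-43-static.107-82-b.business.telecomitalia.it (host236-43-static.107-82-b.business.telecomitalia.it [82.107.43.236]) by godfather.dreamhost.com (Postfix) with ESMTP id 1C4C01B00EA",
    "from 82.107.43.236(helo=example.com) by example.com with esmtpa (Exim 4.69) id 1MMHT6-9388lw-3H",
]

TRUSTED_DOMAIN = "dreamhost.com"                       # provider's own hosts
TRUSTED_NETS = [ipaddress.ip_network("208.97.132.0/24")]  # assumed range
OWN_DOMAIN = "example.com"                             # placeholder for ####.com


def find_trust_boundary(received):
    """Return the first hop where a trusted server accepted mail from an
    outside IP, plus the sender-supplied headers below that hop."""
    for i, hdr in enumerate(received):
        m = re.match(r"from\s+(.*?)\s+by\s+(\S+)", hdr)
        if not m:
            return None
        from_part, by_host = m.groups()
        # The line only counts if one of the provider's servers wrote it.
        if by_host != "localhost" and not by_host.endswith("." + TRUSTED_DOMAIN):
            return None
        peer = re.search(r"\[([\d.]+)\]", from_part)  # IP recorded by the server
        if peer is None:
            return None
        addr = ipaddress.ip_address(peer.group(1))
        if addr.is_loopback or any(addr in net for net in TRUSTED_NETS):
            continue  # internal relay hop, keep walking down
        unverified = received[i + 1:]
        return {
            "origin_ip": str(addr),
            "recorded_by": by_host,
            "unverified": unverified,
            # True when a sender-written line names the recipient's own domain
            "claims_own_domain": any(OWN_DOMAIN in h for h in unverified),
        }
    return None


if __name__ == "__main__":
    print(find_trust_boundary(RECEIVED))
```

The only origin fact the provider actually observed is the connecting address recorded by `godfather.dreamhost.com`; the bottom `helo=` line naming the poster's domain sits below that boundary and is text the sender chose.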


#2

Getting a notice that “email you didn’t send has been rejected” is as annoying as direct spam. I think part of the problem is that the notices we get from other hosts are legitimate, so DH can’t reject that, even though the notices themselves incorrectly report of illegitimate mail. It would be nice if legit mail servers could trash mail like this, and perhaps report back to server admins who don’t catch this stuff that they need to do something.

The bottom line is that we’re all operating with POP3/SMTP protocols that are over 30 years old and they were never intended to be used as they have been. Rather than fix the problem that costs the world tens of billions of dollars annually, everyone would prefer to use paper clips and bubblegum to patch the problems as they occur (including malware and spam and massive bandwidth consuming trash traffic), or to just ignore the issues. The problem will be solved when the world learns that it’s better to trash old protocols and move forward with new ones than to give up and accept the issues with the broken ones.